TitleApplying the SCR Requirements Method to a Simple Autopilot
Publication TypeConference Paper
Year of Publication1997
AuthorsBharadwaj, R., and C. L. Heitmeyer
Conference NameFourth NASA Langley Formal Methods Workshop
Conference LocationHampton, Virginia

Although formal methods for developing computer systems have been available for more than a decade, few have had significant impact in practice. A major barrier to their use is that developers find formal methods difficult to understand and apply. One exception is a formal method called SCR for specifying computer system requirements which, due to its easy-to-use tabular notation and demonstrated scalability, has achieved some success in industry. To demonstrate and evaluate the SCR method and tools, we recently used SCR to specify the requirements of a simplified mode control panel for the Boeing 737 autopilot. This paper presents the SCR requirements specification of the autopilot, outlines the process we used to create the SCR specification from a prose description, and discusses the problems and questions that arose in developing the specification. Formalizing and analyzing the requirements specification in SCR uncovered a number of problems with the original prose description, such as incorrect assumptions about the environment, incompleteness, and inconsistency. The paper also introduces a new tabular format we found useful in understanding and analyzing the required behavior of the autopilot. Finally, the paper compares the SCR approach to requirements with that of Rickey Butler of NASA Langley Research Center, who uses the PVS language and prover of SRI International to represent and analyze the autopilot requirements.

